We’re big fans of WordPress here at DreamHost. It powers this website and many of our own personal websites. It’s also probably the number one most popular web application running on our servers.

It’s so popular, in fact, that it has increasingly become the target of security exploits. Fortunately for all of us, the WordPress coders have done a good job patching up security holes quickly once they’ve been discovered. Unfortunately, that doesn’t matter one bit if you don’t update the copy of WordPress running your website.

If you are a lucky DreamHost customer, installing and updating WordPress is very easy. You really have no excuse for not updating.

We provide a one-click installer and upgrader for WordPress (and several other popular web applications) making it as simple as clicking a button in our web panel. We even let you request that we email you whenever a new release is available so you don’t have to keep track of it yourself.

If that is still too much effort and you are willing to give up some flexibility, we also provide what we call an easy one-click installer, which is really just a fully managed and hosted version of WordPress that we update and maintain for you. Even better, you can get this service from us absolutely free from DreamHost Apps (which also includes a bunch of other popular web apps for the same $0 price tag).

Why Not?

The only reason I can think of to not upgrade WordPress as soon as it is released is the worry that it will break some plugin you’re using. While that is a very valid concern, you should really consider how much those pesky plugins are worth to your website. Are they worth the days of time it might take you to clean up a hacked website? Are they worth the shame you would feel if your hacked website is used as a base to infect hundreds or thousands of other websites? These are very real risks. If you are using a plugin that prevents you from easily upgrading your WordPress install, please consider abandoning it or finding a replacement that’s more robust and compatible.

Do It!

So, long story short: UPDATE YOUR WORDPRESS RIGHT NOW. There is a major WordPress hack going around targeting older versions of WordPress. The latest version is unaffected, so if you have been a good upgrader you are safe! A couple of big name bloggers (here and here) got hit recently, and it can also happen to you. In fact, it might have happened already! Check this post from Lorelle on WordPress for lots of gory details about the hack and to find out if you may be a victim.